Redirection de moteur de recherche

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

Redirection de moteur de recherche

Messagede BrdPb » 18 Juil 2012, 16:46

Bonjour,

Je suis victime d'une redirection des résultats de différents moteurs de recherche (Bing, Google...) et ce avec Firefox ET Chrome.

Les symptomes sont les suivants pour google :

Je peux accéder à la page "www.google.fr". Le problème survient lorsque je lance une recherche : je suis alors redirigé vers les résultats d'un moteur plutot douteux. La page des résultats est fournie par le site "fr.sooosearch.com". Google est donc devenu inutilisable, je ne sait pas à quel degré mon ordinateur est infecté et s'il est toujours sur.

J'ai essayé d'identifier la source du probleme grace a de nombreux logiciels (Spybot, Avira, AdAware, MalewareBytes et bien d'autres), pourtant je n'ai rien trouvé et le problème persiste.

Pourriez vous m'aider à en identifier la cause? Merci d'avance

Rapport MalewareBytes

Malwarebytes Anti-Malware 1.62.0.1300
http://www.malwarebytes.org

Version de la base de données: v2012.07.18.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
pharma :: DEBALCAV [administrateur]

18/07/2012 17:08:31
mbam-log-2012-07-18 (17-08-31).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 208175
Temps écoulé: 4 minute(s), 53 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)
BrdPb
 
Messages: 3
Inscription: 18 Juil 2012, 16:20

Re: Redirection de moteur de recherche

Messagede BrdPb » 18 Juil 2012, 16:48

Rapport OTL.txt


OTL logfile created on: 18/07/2012 16:13:52 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\pharma\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,37 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 50,74% Memory free
3,01 Gb Paging File | 2,25 Gb Available in Paging File | 74,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71,28 Gb Total Space | 35,69 Gb Free Space | 50,06% Space Free | Partition Type: NTFS
Drive D: | 70,94 Gb Total Space | 62,40 Gb Free Space | 87,97% Space Free | Partition Type: NTFS
Drive F: | 3,81 Gb Total Space | 3,53 Gb Free Space | 92,50% Space Free | Partition Type: FAT32
Drive G: | 49,09 Gb Total Space | 32,42 Gb Free Space | 66,04% Space Free | Partition Type: NTFS
Drive H: | 49,09 Gb Total Space | 32,42 Gb Free Space | 66,04% Space Free | Partition Type: NTFS

Computer Name: DEBALCAV | User Name: pharma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/18 11:13:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\pharma\Desktop\OTL.exe
PRC - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/09/22 13:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011/01/17 19:09:00 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:09:00 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/01/18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/05/11 04:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2006/12/08 15:45:32 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006/11/25 01:58:28 | 000,118,870 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
PRC - [2006/11/25 01:58:26 | 000,274,520 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
PRC - [2006/11/09 04:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2000/04/20 22:34:00 | 000,072,659 | ---- | M] (Cip, Silmm, MMF) -- C:\Program Files\VTerm\lpd.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/03 10:12:59 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/10/15 02:03:50 | 003,076,096 | ---- | M] () -- c:\program files\adobe\reader 8.0\reader\rdlang32.fra
MOD - [2008/01/11 22:48:44 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EScript.FRA
MOD - [2007/05/11 03:49:32 | 000,049,152 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\weblink.FRA
MOD - [2007/05/11 03:49:04 | 000,036,864 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Spelling.FRA
MOD - [2007/05/11 03:48:58 | 000,026,112 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SendMail.FRA
MOD - [2007/05/11 03:48:50 | 000,053,248 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search.FRA
MOD - [2007/05/11 03:48:40 | 000,974,848 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PPKLite.FRA
MOD - [2007/05/11 03:48:14 | 000,028,672 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.FRA
MOD - [2007/05/11 03:48:10 | 000,013,312 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.FRA
MOD - [2007/05/11 03:47:52 | 000,159,744 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.FRA
MOD - [2007/05/11 03:47:38 | 000,086,016 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\MakeAccessible.FRA
MOD - [2007/05/11 03:45:18 | 000,006,656 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EWH32.FRA
MOD - [2007/05/11 03:43:34 | 000,217,088 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DigSig.FRA
MOD - [2007/05/11 03:42:28 | 000,196,608 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Checkers.FRA
MOD - [2007/05/11 03:41:00 | 001,220,608 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annots.FRA
MOD - [2007/05/11 03:38:30 | 000,081,920 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Accessibility.FRA
MOD - [2007/05/11 03:38:10 | 000,819,200 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\AcroForm.FRA
MOD - [2007/04/15 22:56:10 | 000,389,120 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\AdobeXMP.dll
MOD - [2007/01/13 04:01:28 | 000,475,136 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
MOD - [2007/01/13 04:01:28 | 000,397,312 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll
MOD - [2006/11/24 15:37:36 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2006/10/23 02:28:46 | 000,005,120 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Updater.FRA
MOD - [2006/10/23 02:28:14 | 000,012,288 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search5.FRA
MOD - [2006/10/23 02:27:36 | 000,008,704 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\reflow.FRA
MOD - [2006/10/23 02:27:08 | 000,011,264 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PDDom.FRA
MOD - [2006/10/23 02:26:10 | 000,013,312 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\HLS.FRA
MOD - [2006/10/23 02:25:20 | 000,028,672 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\eBook.FRA
MOD - [2002/10/08 00:20:28 | 000,617,472 | ---- | M] () -- C:\Program Files\VTerm\Lpd32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\TightVNC\WinVNC.exe -- (winvnc)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012/07/16 11:55:03 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/06/21 16:18:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/03 09:33:50 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2006/12/08 15:45:32 | 000,045,056 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/11/25 01:58:28 | 000,118,870 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/25 01:58:26 | 000,274,520 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/08/18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/08/09 15:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 10:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2011/08/04 10:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/01/18 22:15:00 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/01/26 11:34:08 | 000,005,248 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/24 15:46:36 | 002,085,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2518994950-20591395-636542780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE - HKU\S-1-5-21-2518994950-20591395-636542780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-2518994950-20591395-636542780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2518994950-20591395-636542780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-2518994950-20591395-636542780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKU\S-1-5-21-2518994950-20591395-636542780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2518994950-20591395-636542780-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-2518994950-20591395-636542780-1000\..\SearchScopes,DefaultScope = {F8C7A2AE-82FA-4AFE-B6B9-9A5B8230038A}
IE - HKU\S-1-5-21-2518994950-20591395-636542780-1000\..\SearchScopes\{F8C7A2AE-82FA-4AFE-B6B9-9A5B8230038A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2518994950-20591395-636542780-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2518994950-20591395-636542780-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://www.icservic.com/proxy/proxy.pac?id=ja1000_4445

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%3Fhl%3Dfr%26nsr%3D1%26ui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2&hl=fr|http://www.horlogeparlante.com/france_strasbourg_334.php|https://login.ameli.fr/sso/cnamts/jsp/login_PS.jsp?site2pstoretoken=v1.2~51BACFA5~7B939A2AC8F9D0B7DC306EDEF469A560A513C55046EF5F3153D75FD1546BCC9BC8A0782E14941641B339FD6D5C044D103871234120AA7CDE252DD5F692A74BD6774215D016EF423F7D8568F439EAD16740E5A3E1835402DA86B92FCB13FAD8921E0132524E1A8F79818FCCE11C0B3FD41B40C617214B4EE13B651B26AFC629E953CEBE1C342F67056EA7B81606E7F73F1311EDD1194812D666DF3B995C1B2F80&p_error_code=&p_submit_url=https%3A%2F%2Flogin.ameli.fr%2Fsso%2Fauth&p_cancel_url=https%3A%2F%2Fps.ameli.fr%2Fportal%2Fpls%2Fportal%2FPORTAL.home&ssousername=&ssocpt=1|http://www.smsmode.com/"
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\pharma\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\pharma\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/21 16:18:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/03 10:03:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/12/09 17:43:05 | 000,000,000 | ---D | M]

[2008/06/19 09:05:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pharma\AppData\Roaming\mozilla\Extensions
[2012/05/02 08:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pharma\AppData\Roaming\mozilla\Firefox\Profiles\sev5ufw6.default\extensions
[2011/11/14 13:39:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/06/21 16:18:16 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/01/28 11:41:47 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/21 16:18:12 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/06/21 16:18:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/21 16:18:12 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/06/21 16:18:12 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/06/21 16:18:12 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/06/21 16:18:12 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\pharma\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\pharma\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\pharma\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\pharma\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\pharma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Recherche Google = C:\Users\pharma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

O1 HOSTS File: ([2012/07/13 19:41:02 | 000,000,806 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (TBSB06061 Class) - {522FEA1A-A240-4218-9ADF-635031F3F86A} - C:\Program Files\Google Toolbar\tbcore3.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {44B6C0A4-CE90-7E3C-6B05-A66C402F2B2E} - C:\Program Files\Google Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-2518994950-20591395-636542780-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\pharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\connect.bat - Raccourci.lnk = C:\Windows\connect.bat ()
O4 - Startup: C:\Users\pharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Emulateur.lnk = C:\Program Files\VTerm\VTerm.exe ()
O4 - Startup: C:\Users\pharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2518994950-20591395-636542780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2518994950-20591395-636542780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2518994950-20591395-636542780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{249F92C2-9DDB-4DB7-9377-F637A15A8603}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{249F92C2-9DDB-4DB7-9377-F637A15A8603}: NameServer = 208.67.222.222,208.67.220.220
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img27.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img27.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012/07/18 16:09:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/07/18 15:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/18 11:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/07/18 11:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/07/18 11:34:26 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\pharma\Desktop\OTL.exe
[2012/07/18 11:31:13 | 000,000,000 | ---D | C] -- C:\Users\pharma\AppData\Roaming\Malwarebytes
[2012/07/18 11:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/18 11:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/18 11:31:01 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/18 11:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/16 14:52:09 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/07/16 14:52:09 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/07/16 14:52:09 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/07/16 14:47:10 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2012/07/16 14:47:10 | 000,098,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/07/16 14:46:59 | 000,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2012/07/16 14:46:59 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2012/07/16 14:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
[2012/07/16 14:46:39 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2012/07/16 14:46:14 | 000,000,000 | ---D | C] -- C:\Users\pharma\AppData\Roaming\PC Tools
[2012/07/16 14:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/07/16 14:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/07/16 14:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2012/07/16 14:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/07/16 11:55:16 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/07/16 11:46:09 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2012/07/16 11:46:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/07/16 11:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/07/16 11:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/07/16 11:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/07/13 18:00:47 | 000,000,000 | ---D | C] -- C:\Users\pharma\DoctorWeb
[2012/07/13 17:01:30 | 000,000,000 | ---D | C] -- C:\Users\pharma\Doctor Web
[2012/07/13 16:42:51 | 000,000,000 | ---D | C] -- C:\Users\pharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/13 16:41:47 | 000,000,000 | ---D | C] -- C:\Users\pharma\AppData\Local\Google
[2012/07/12 08:08:36 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/11 08:18:16 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/06/27 11:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Vidal
[2012/06/27 11:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Vidal Menu
[2012/06/27 10:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Vidal Expert
[2012/06/19 07:56:16 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 07:56:15 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 07:55:57 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 07:55:57 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 07:55:57 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 07:55:48 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 07:55:48 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

========== Files - Modified Within 30 Days ==========

[2012/07/18 16:17:02 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/07/18 16:11:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 16:11:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 16:06:23 | 000,679,008 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/07/18 16:06:23 | 000,596,002 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/18 16:06:23 | 000,126,624 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/07/18 16:06:23 | 000,104,076 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/18 16:05:08 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/07/18 16:01:47 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2518994950-20591395-636542780-1000UA.job
[2012/07/18 16:01:47 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2518994950-20591395-636542780-1000Core.job
[2012/07/18 16:01:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/18 15:56:20 | 447,348,674 | ---- | M] () -- C:\Users\pharma\Desktop\20120718.reg
[2012/07/18 15:52:37 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/18 11:35:55 | 000,000,737 | ---- | M] () -- C:\Users\pharma\Desktop\NTREGOPT.lnk
[2012/07/18 11:35:55 | 000,000,718 | ---- | M] () -- C:\Users\pharma\Desktop\ERUNT.lnk
[2012/07/18 11:33:28 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/18 11:13:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\pharma\Desktop\OTL.exe
[2012/07/18 10:29:12 | 000,000,230 | ---- | M] () -- C:\Users\pharma\Desktop\computer (2).lnk
[2012/07/18 07:59:21 | 000,259,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/17 10:22:55 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/07/17 10:22:55 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/07/16 11:55:15 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/07/16 11:46:10 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/07/13 19:41:02 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/13 16:42:54 | 000,002,051 | ---- | M] () -- C:\Users\pharma\Desktop\Google Chrome.lnk
[2012/07/13 16:42:54 | 000,002,013 | ---- | M] () -- C:\Users\pharma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/28 09:25:16 | 000,000,783 | ---- | M] () -- C:\Users\pharma\Desktop\VidalExpert.lnk

========== Files Created - No Company Name ==========

[2012/07/18 16:17:02 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/07/18 15:54:50 | 447,348,674 | ---- | C] () -- C:\Users\pharma\Desktop\20120718.reg
[2012/07/18 15:52:37 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/18 11:35:55 | 000,000,737 | ---- | C] () -- C:\Users\pharma\Desktop\NTREGOPT.lnk
[2012/07/18 11:35:55 | 000,000,718 | ---- | C] () -- C:\Users\pharma\Desktop\ERUNT.lnk
[2012/07/18 11:31:05 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/18 10:29:12 | 000,000,230 | ---- | C] () -- C:\Users\pharma\Desktop\computer (2).lnk
[2012/07/18 10:20:45 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/07/17 10:22:55 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/07/17 10:22:55 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2012/07/16 14:52:09 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2012/07/16 14:52:09 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/07/16 14:52:09 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/07/16 14:52:09 | 000,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/07/16 14:52:09 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/07/16 14:47:11 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2012/07/16 14:46:59 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2012/07/16 14:46:59 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2012/07/16 14:46:39 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2012/07/16 11:46:10 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/07/13 16:42:54 | 000,002,051 | ---- | C] () -- C:\Users\pharma\Desktop\Google Chrome.lnk
[2012/07/13 16:42:54 | 000,002,013 | ---- | C] () -- C:\Users\pharma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/13 16:41:49 | 000,001,082 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2518994950-20591395-636542780-1000UA.job
[2012/07/13 16:41:48 | 000,001,030 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2518994950-20591395-636542780-1000Core.job
[2012/06/28 09:25:16 | 000,000,783 | ---- | C] () -- C:\Users\pharma\Desktop\VidalExpert.lnk
[2010/01/23 17:43:57 | 000,000,966 | ---- | C] () -- C:\Users\pharma\qll
[2009/05/13 12:22:54 | 000,025,542 | ---- | C] () -- C:\Users\pharma\ALLAIT.odt
[2008/02/27 18:48:21 | 000,003,584 | ---- | C] () -- C:\Users\pharma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/21 12:58:46 | 000,010,385 | ---- | C] () -- C:\Users\pharma\coffret.ods
[2007/08/09 10:42:35 | 000,001,296 | RHS- | C] () -- C:\Users\pharma\ntuser.pol
[2007/08/06 08:21:04 | 000,007,268 | ---- | C] () -- C:\Users\pharma\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2008/11/12 10:42:34 | 000,000,000 | ---D | M] -- C:\Users\pharma\AppData\Roaming\OpenOffice.org
[2007/08/06 18:41:48 | 000,000,000 | ---D | M] -- C:\Users\pharma\AppData\Roaming\Thunderbird
[2007/08/06 11:09:09 | 000,000,000 | ---D | M] -- C:\Users\pharma\AppData\Roaming\Thunderbird.ori
[2009/01/29 14:24:15 | 000,000,000 | ---D | M] -- C:\Users\pharma\AppData\Roaming\webex
[2012/07/18 16:05:08 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012/07/18 16:00:31 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 09:10:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 09:10:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 09:10:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CTFMON.EXE >
[2006/11/02 11:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\System32\ctfmon.exe
[2006/11/02 11:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/15 09:07:59 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/15 09:07:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/01/18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WININIT.EXE >
[2008/01/18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006/11/02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
BrdPb
 
Messages: 3
Inscription: 18 Juil 2012, 16:20

Re: Redirection de moteur de recherche

Messagede BrdPb » 18 Juil 2012, 16:49

Rapport Extras.txt (OTL)



OTL Extras logfile created on: 18/07/2012 16:13:52 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\pharma\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,37 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 50,74% Memory free
3,01 Gb Paging File | 2,25 Gb Available in Paging File | 74,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71,28 Gb Total Space | 35,69 Gb Free Space | 50,06% Space Free | Partition Type: NTFS
Drive D: | 70,94 Gb Total Space | 62,40 Gb Free Space | 87,97% Space Free | Partition Type: NTFS
Drive F: | 3,81 Gb Total Space | 3,53 Gb Free Space | 92,50% Space Free | Partition Type: FAT32
Drive G: | 49,09 Gb Total Space | 32,42 Gb Free Space | 66,04% Space Free | Partition Type: NTFS
Drive H: | 49,09 Gb Total Space | 32,42 Gb Free Space | 66,04% Space Free | Partition Type: NTFS

Computer Name: DEBALCAV | User Name: pharma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2518994950-20591395-636542780-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2518994950-20591395-636542780-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D2817FB-219B-4753-975B-CBE8E152E084}" = protocol=6 | dir=in | app=c:\acer\empowering technology\emode\pcm\pcmservice.exe |
"{8E9919AD-BAE4-4556-B937-67C0477DF1B7}" = protocol=17 | dir=in | app=c:\acer\empowering technology\emode\pcm\pcmservice.exe |
"TCP Query User{283AA536-0F53-4BD3-B6D1-057EAA097479}C:\program files\vidal\vidalexpert\system\runtime\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\vidal\vidalexpert\system\runtime\bin\java.exe |
"UDP Query User{5E37BE01-D331-4127-ACF7-13FC079C5E27}C:\program files\vidal\vidalexpert\system\runtime\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\vidal\vidalexpert\system\runtime\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05653DE1-6567-40C6-B930-39D399B64369}" = OpenOffice.org 3.3
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer eMode Management
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 22
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2D9764-65AC-4686-BBAE-473CADF2E40A}" = Pharma'Etiq
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5B038617-3B06-4499-BCB3-7D13EDE4EF8C}" = ESET NOD32 Antivirus
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.4 - Français
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Browser Defender_is1" = Browser Defender 2.0.6.11
"CCleaner" = CCleaner
"ERUNT_is1" = ERUNT 1.1j
"Google Toolbar" = Google Toolbar
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Mozilla Firefox 13.0.1 (x86 fr)" = Mozilla Firefox 13.0.1 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spyware Doctor" = Spyware Doctor 7.0
"Vidal Expert" = Vidal Expert
"VTerm" = VTerm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2518994950-20591395-636542780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09/03/2011 10:32:20 | Computer Name = debalcav | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09/03/2011 10:32:20 | Computer Name = debalcav | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09/03/2011 10:32:20 | Computer Name = debalcav | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09/03/2011 10:32:25 | Computer Name = debalcav | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09/03/2011 10:32:25 | Computer Name = debalcav | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/03/2011 10:40:12 | Computer Name = debalcav | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/03/2011 10:40:12 | Computer Name = debalcav | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/03/2011 10:40:12 | Computer Name = debalcav | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/03/2011 10:40:15 | Computer Name = debalcav | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/03/2011 10:40:15 | Computer Name = debalcav | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 17/07/2012 04:22:52 | Computer Name = debalcav | Source = LSM | ID = 1048
Description =

Error - 17/07/2012 04:47:04 | Computer Name = debalcav | Source = LSM | ID = 1048
Description =

Error - 18/07/2012 02:00:15 | Computer Name = debalcav | Source = LSM | ID = 1048
Description =

Error - 18/07/2012 02:02:46 | Computer Name = debalcav | Source = DCOM | ID = 10016
Description =

Error - 18/07/2012 03:57:23 | Computer Name = debalcav | Source = LSM | ID = 1048
Description =

Error - 18/07/2012 04:00:01 | Computer Name = debalcav | Source = DCOM | ID = 10016
Description =

Error - 18/07/2012 04:20:43 | Computer Name = debalcav | Source = LSM | ID = 1048
Description =

Error - 18/07/2012 04:21:22 | Computer Name = debalcav | Source = DCOM | ID = 10016
Description =

Error - 18/07/2012 10:02:14 | Computer Name = debalcav | Source = LSM | ID = 1048
Description =

Error - 18/07/2012 10:03:44 | Computer Name = debalcav | Source = DCOM | ID = 10016
Description =


< End of report >
BrdPb
 
Messages: 3
Inscription: 18 Juil 2012, 16:20


Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 12 invités